Sha256: cecfef2c64ef80ba83b29585374f10d9b3974296f26bd797d5cb72fb1c84a065

Contents?: true

Size: 1.8 KB

Versions: 3

Compression:

Stored size: 1.8 KB

Contents

require 'facets/array/arrange'

class AwsInventory::SecurityGroup
  class Open < AwsInventory::Base
    include Shared

    def header
      ["Security Group", "Open to World"]
    end

    def data
      opened_security_groups_in_use = opened_security_groups.select do |sg|
        group_ids_in_use = used_security_groups.map(&:group_id)
        group_ids_in_use.include?(sg.group_id)
      end

      # Only display used security groups that have opened ports for review.
      # will delete the unused security groups anyway.
      opened_security_groups_in_use.map do |sg|
        ports = ports_open_to_world(sg)
        [
          sg.group_name,
          ports
        ]
      end
    end

    def opened_security_groups
      security_groups.select do |sg|
        ports = ports_open_to_world(sg)
        !ports.empty?
      end
    end

    # Returns an Array of ports with a cidr of 0.0.0.0/0
    def ports_open_to_world(sg)
      ip_permissions = sg.ip_permissions.select do |permission|
          permission.ip_ranges.detect do |ip_range|
            ip_range.include?('0.0.0.0/0')
          end
        end

      ports = ip_permissions.map do |p|
        if p.from_port == p.to_port
          p.from_port
        else
          (p.from_port..p.to_port)
        end
      end

      ports = combine_ports(ports)
      # convert to string for printing
      ports.map(&:to_s).join(', ')
    end

    # Examples
    #
    # Input:
    #    ports: [80, 443]
    # Output:
    #    ports: [80, 443
    #
    # Input:
    #    ports: [8001, 8000..8002]
    # Output:
    #    ports: [8000..8002]
    def combine_ports(port_objects)
      ports = port_objects.inject([]) do |array, port|
        ports = port.is_a?(Range) ? port.to_a : [port]
        array += ports
        array
      end.uniq
      ports.arrange
    end
  end
end

Version data entries

3 entries across 3 versions & 1 rubygems

Version Path
aws-inventory-0.4.3 lib/aws_inventory/security_group/open.rb
aws-inventory-0.4.2 lib/aws_inventory/security_group/open.rb
aws-inventory-0.4.0 lib/aws_inventory/security_group/open.rb